Compare Cisco ASA NGFW vs. Fortinet FortiGate

Cisco ASA NGFW is ranked 2nd in Firewalls with 64 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 56 reviews. Cisco ASA NGFW is rated 8.0, while Fortinet FortiGate is rated 8.6. The top reviewer of Cisco ASA NGFW writes "Gives us visibility into potential outbreaks as well as malicious users trying to access the site". On the other hand, the top reviewer of Fortinet FortiGate writes "Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network". Cisco ASA NGFW is most compared with Fortinet FortiGate, Meraki MX Firewalls and Cisco Firepower NGFW, whereas Fortinet FortiGate is most compared with Cisco ASA NGFW, Meraki MX Firewalls and pfSense. See our Cisco ASA NGFW vs. Fortinet FortiGate report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
69,963 views|52,369 comparisons
Fortinet FortiGate Logo
167,200 views|115,601 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: January 2020.
390,810 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.The firepower sensors have been great; they do a good job of dropping unwanted traffic.Unfortunately in Cisco, only the hardware was good.The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats.I like the Cisco ASDM (Adaptive Security Device Manager), which is the configuration interface for the Cisco firewall.The technical team is always available when we have problems.

Read more »

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus.The security features are about the best that I've seen anywhere.It blocks the vulnerabilities that can negatively impact us.Anti-Spam web content filterinG.This solution has solid UTM features combined with a nice GUI.This is a quality product with ok support, and it is better than the competition we've tried.The features that we have found most valuable are the SSL VPN and the User Portal.

Read more »

Cons
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.The software was very buggy, to the point it had to be removed.In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved.The Sandbox and the Web Censoring in this solution need to be improved.It will be nice if they had what you traditionally would use a web application scanner for. If the solution could take a deeper look into HTTP and HTTPS traffic, that would be nice.

Read more »

I think there could be more QoS featuresImprovement is needed in the Web Filter quotas to restrict users with allocated quotas.Technical support for this solution can be improved.I would like to have logs, monitoring, and reporting for a month without extra fees.The Web-filter in this solution is not very good.FortiOS is not simple.This product could be improved with Active directory integration and better handling in IPsec and GRE Tunnels.I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity.

Read more »

Pricing and Cost Advice
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.Always consider what you might need to reduce your wasted time and invest it in other solutions.We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months.The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology.The program is very expensive.The cost of this solution is high.Some of our customers would be more likely to standardize on Cisco equipment if the cost was lower because a lot of people install cheap equipment.

Read more »

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.The pricing for this solution is good.Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security.Each feature costs money, so it is important to study your needs.I would say that all things considered, the pricing is pretty good.Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project.Our licensing costs are on a yearly basis.Compared to Palo Alto, which we have used in the past, pricing and licensing are okay.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
390,810 professionals have used our research since 2012.
Answers from the Community
Miriam Tover
author avatarAlberto E. Luna Rodriguez
Real User

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise, if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability is OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (specially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort deploy and maintain. They are more expensive and offer less features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go, Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving on that regard, but still lag behind other vendors with UTM devices.

author avatarKevinRoberts
Consultant

Cisco has been playing catchup for years with regards to firewalls, they still don't have it. Personal preference is PA however I would also recommend Fortinet hands down over the Cisco ASA if my job depended on it.

author avatarVejai Sammy
User

Cisco ASA is an excellent product if you don't need UTM capabilities and will be leveraging other security solutions to complete your security architecture. We recently replaced our ASA with Fortinet as the latter provided a UTM device that was more inline with our strategy to simplify our architecture and operations. The Fortinet VDOM approach is miles ahead of Cisco providing flexibility in how we deploy our security appliance which would be much more difficult with the ASA. Even though we are a Cisco shop, the FortiGate has proven to be easier to manage and gets the job done, no issues after almost 1 year of operation. Other benefits include the lower cost, less complexity in licensing and the FortiOS Security Fabric which can extend seamlessly to incorporate switches and APs allowing you to easily build out your security infrastructure and manage it all through a single pane of glass with FortiAnalyzer and FortiManager integrated into the box. What more can you ask for?

author avatarNetwork Engineer with 201-500 employees
Real User

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (cisco's next gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support which of course comes with a huge cost of smartnet support cost.
4. The down side of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we brought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

author avatarVinodPol
Real User

In Comparison between Cisco ASA and Fortinet, I can recommend always Fortinet is Ahead of Cisco. Being deployed both firewalls into our managed environment I have better experience with Fortinet,
1. FortiGate Hardware is seen to be providing better performance in front of Cisco where Hardware issues are almost NIL. Failover between devices is seamless comparing Cisco ASA
2. The port density and type (Copper/fiber) comes along with Any FortiGate hardware at his throughput comparison level is high and you will have privilege to deploy firewall in your customize scenarios. Which further gives cost advantage.
3. The VDOM management concept is one of the differentiated factor where manageability and sharing firewall in multi environment projects is saves cost.
4. Forti manager and Forti analyzer are best to manage multiple firewalls in single pane.
5. Both firewalls Support most NGFW features. But I feel FortiGate is superior with respect to management of policies, IP based, user based, DNS based and application based.
6. Support wise FortiGate is seen advance in front of Cisco TAC.
7. Mainly, you will not see or less IOS bugs, vulnerabilities in Foregate where Cisco you have to constant keep upgrading with frequent IOS releases.
8. You will see more API integration options with FortiGate than ASA to customize, automate some of the operational cases.

author avatarCOO/CTO at a pharma/biotech company with 11-50 employees
Real User

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using Fortigate APs were under 20 devices. We were below 100 MHz and was confirmed with my 3rd party whom I had a 5 day a week 8 hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

author avatarJefferson Loiseau
User

In order to answer that question a few things needs to be understood about the current environment.

For small to medium business where funding is a concern, the Fortinet are a very good long term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinet’s are easier to deploy and there security approach is top end.

ASA are a bit more difficult and with the FirePower are known to be an issue when deploying and pushing out policies.

I’d be more inclined to go with the Fortinet’s than ASA’s is staff and resources are limited.

author avatarGoumouFerdinand
Real User

Hello, I recommend Cisco ASA, it is very consistence, powerful, flexible and interoperability that is the main goal of Cisco products. I always recommend to my client ASA if they need Firewall only.
Fortigate is a good product, easy to implement and manage, it is also less expensive compare to ASA, I most of the time recommend Fortinet to a client who have limited budget for security, so by choosing Fortigate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made base on the device, but base on the customer infrastructure, budget and technical resource they have to manage the devices.

Cheers,

Ranking
2nd
out of 50 in Firewalls
Views
69,963
Comparisons
52,369
Reviews
69
Average Words per Review
385
Avg. Rating
7.8
1st
out of 50 in Firewalls
Views
167,200
Comparisons
115,601
Reviews
55
Average Words per Review
365
Avg. Rating
8.5
Top Comparisons
Compared 38% of the time.
Compared 16% of the time.
Compared 10% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire FirewallsFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Offer
Learn more about Cisco ASA NGFW
Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
REVIEWERS
Financial Services Firm20%
Manufacturing Company11%
Comms Service Provider9%
University7%
VISITORS READING REVIEWS
Software R&D Company29%
Comms Service Provider17%
Media Company8%
Retailer5%
REVIEWERS
Comms Service Provider10%
Financial Services Firm10%
Healthcare Company8%
Real Estate/Law Firm8%
VISITORS READING REVIEWS
Software R&D Company23%
Comms Service Provider16%
Media Company8%
Cloud Provider6%
Company Size
REVIEWERS
Small Business35%
Midsize Enterprise25%
Large Enterprise41%
VISITORS READING REVIEWS
Small Business33%
Midsize Enterprise22%
Large Enterprise46%
REVIEWERS
Small Business48%
Midsize Enterprise27%
Large Enterprise25%
VISITORS READING REVIEWS
Small Business55%
Midsize Enterprise27%
Large Enterprise18%
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: January 2020.
390,810 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.